IT disaster recovery, cloud computing and information security news

Protecting data is no longer just an IT problem: Ponemon study

When it comes to the biggest threats facing UK companies, IT practitioners and CMOs both believe that a data breach ranks near the top, behind poor customer service, as it relates to their company’s reputation and brand value. Yet 39 percent (IT) and 36 percent (CMOs) don’t believe that brand protection is taken seriously by senior level executives. These findings were part of ‘The Impact of Data Breaches on Reputation & Share Value: A Study of Marketers, IT Practitioners and Consumers in the UK’. This Ponemon research study was commissioned by Centrify and has revealed the far-reaching consequences of data security breaches across an organization and the significant negative effect on company finances, shareholder value and brand reputation. And while the study found that a data breach has a significant impact on brand reputation, 71 percent of IT practitioners do not believe that brand protection is their responsibility.

For the study, a portfolio of share prices was composed for 113 publicly traded benchmarked companies who had experienced a data breach involving the loss of customer or consumer data. The index value was tracked 30 days prior to the announcement of the data breach and 120 days following the data breach. These companies experienced a 5 percent price decline immediately following the disclosure of the breach. However, companies with a strong security posture – companies that have made investments in people, process and technologies - were less likely to see a decline in share prices; mainly because they were better equipped to respond.

Those companies with a self-reported superior security posture saw a decline of no more than three percent, and after 120 days following a breach, successfully rebounded with a three percent gain in stock price prior to the breach. In contrast, those with a poor security posture experienced a share price decline as high as seven percent, and 120 days following the breach, did not fully recover the share price that the company had prior to the breach. Customer loyalty was also impacted with 65 percent of consumers having lost trust in the breached company and 27 percent of consumers discontinuing their relationship altogether.

IT under scrutiny

While 63 percent of IT feared losing their job after a breach, the reality is the IT function is placed under greater scrutiny following a data breach. For those IT practitioners that had experienced a data breach, the most negative consequences were: significant financial harm (52 percent), greater scrutiny of the capabilities of the IT function (51 percent) significant brand and reputation damage (35 percent) and decreased customer and consumer trust in their organization (35 percent).

Business impact and organizational disconnect

The study showed a significant disconnect across the business when it comes to responsibilities and brand reputation ownership:

70 percent of IT practitioners do not believe their companies have a high-level ability to prevent breaches, however 58 percent of CMOs are confident that their company would be resilient to a data breach that results in the loss or theft of high value assets.

There’s a clear blind spot when it comes to data breaches and the impact they have on share price. Just 23 percent of CMOs and 3 percent of IT practitioners are concerned about a decline in their company’s share price. For those that had a breach, only five percent of CMOs and six percent of IT professionals say that there was a decline in share price as a result of the breach.

While IT practitioners and CMOs are both worried about the loss of reputation after a breach, their concerns apply only to their specific job function. For CMOs the top three concerns from a data breach were lost of reputation (67 percent), decline in revenues (53 percent) and loss of customers (46 percent). For IT, the biggest concerns were loss of their jobs (63 percent), loss of reputation (43 percent) and time to recover decreases productivity (41 percent).

Want news and features emailed to you?

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.